2

I've tried researching this question, but can't find any relevant information. The protocol was standardized in 1982, but as far as I know, there have been no attempts to try and fix it.

My guess would be that "fixing" the protocol would cause more problems than it would solve. Maybe I don't know enough and the answer to why it hasn't been fixed is too technical. Granted major code bases would have to be updated/changed, why not just create a newer, safer protocol?

Greg M
  • 245
  • 1
  • 8
  • Starting from scratch is not an answer because this would require a completely new standard. Instead extensions and features are added to address the issue. – Aria Aug 30 '16 at 23:07

1 Answer

3

My guess would be that "fixing" the protocol would cause more problems than it would solve.

Partly answers the question indeed.

IPv4

ARP was more a solution to a problem that occurred when we started using internal networks. One might even call it a hack to get things working internally, and the entire idea to communicate via hardware addresses without the need for an internet protocol led to the development of the ARP protocol. At the time, only a few were concerned with security, let alone network security. Like many protocols and systems developed in the early '80s (SMTP, FTP, ...), people were happy if it worked at all, not thinking this could lead to major security-related problems in the next decades. Since then we've tried to replace old systems and protocols, but it has proven hard, mostly due to compatibility and legacy issues. All of the OSI 7-layer protocols can make use of TLS tunnels to secure communication and guarantee confidentiality. Since ARP is so basic and widely used, replacing it with a secure alternative will be very difficult.

IPv6

Since the '90s we know security must be taken into account when drafting new protocols. IPv6 is the living proof, and can be configured to work with IPSec to tunnel traffic in the network layer, and other nifty features. One of these features is NDP, which basically does the same thing as ARP, but differently. NDP learned its lesson from the ARP ages, and does offer additional security via SEND (Secure Neighbor Discovery Protocol). SEND uses crypto based on addresses (this is quite awesome) to determine the authenticity of a claim. Sadly IPv6 still isn't de facto today, for the same reasons as ARP is still alive and kicking.

Yorick de Wid
  • 3,346
  • 14
  • 22
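The "crypto based on addresses" that the answer credits SEND with is Cryptographically Generated Addresses (CGA, RFC 3972): the 64-bit interface identifier is derived from a hash over the node's public key, so a neighbor's claim to an address can be checked against the key that signed it, which is exactly what ARP replies lack. The following is an added example, not code from the original post; it implements the sec=0 case (so the Hash2 work-factor check is vacuous), uses a constructed 2001:db8::/64 prefix, and uses placeholder bytes where a real CGA would carry the DER-encoded RSA public key.

```python
import hashlib
import ipaddress
import os

# Constructed sample prefix (2001:db8::/64) standing in for a real link prefix.
PREFIX = bytes.fromhex("20010db800000000")


def cga_interface_id(modifier: bytes, prefix: bytes, collision_count: int,
                     pubkey_der: bytes, sec: int = 0) -> bytes:
    """Hash1 per RFC 3972 section 4: SHA-1 over modifier || prefix || count || key."""
    if len(modifier) != 16 or len(prefix) != 8 or not 0 <= collision_count <= 2:
        raise ValueError("bad CGA parameters")
    hash1 = hashlib.sha1(modifier + prefix + bytes([collision_count]) + pubkey_der).digest()
    iid = bytearray(hash1[:8])
    # Clear the u/g bits (bits 6 and 7 from the left) and encode sec in the 3 leftmost bits.
    iid[0] = (iid[0] & 0x1C) | ((sec & 0x7) << 5)
    return bytes(iid)


def generate_cga(prefix: bytes, pubkey_der: bytes, sec: int = 0):
    """Return (16-byte address, CGA parameters) for the given key; sec=0 needs no search."""
    modifier = os.urandom(16)
    iid = cga_interface_id(modifier, prefix, 0, pubkey_der, sec)
    params = {"modifier": modifier, "prefix": prefix, "collision_count": 0,
              "pubkey": pubkey_der}
    return prefix + iid, params


def verify_cga(address: bytes, params: dict) -> bool:
    """RFC 3972 section 5 verification: does this address really belong to this key?"""
    sec = address[8] >> 5  # sec is carried in the address itself
    if params["collision_count"] > 2 or params["prefix"] != address[:8]:
        return False
    expected = cga_interface_id(params["modifier"], params["prefix"],
                                params["collision_count"], params["pubkey"], sec)
    if expected != address[8:]:
        return False  # interface ID is not a hash of the presented key
    # Hash2 condition: 16*sec leftmost bits of SHA-1(modifier || 9 zero bytes || key) are zero.
    hash2 = hashlib.sha1(params["modifier"] + bytes(9) + params["pubkey"]).digest()
    return sec == 0 or int.from_bytes(hash2[:2 * sec], "big") == 0


if __name__ == "__main__":
    # Placeholder bytes stand in for a DER-encoded RSA public key (constructed).
    addr, params = generate_cga(PREFIX, b"placeholder-owner-public-key")
    print("CGA:", ipaddress.IPv6Address(addr), "valid:", verify_cga(addr, params))
    # Anyone presenting a different key for the same address fails verification.
    print("other key:", verify_cga(addr, dict(params, pubkey=b"placeholder-other-key")))
```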